There's a well-documented crisis facing the domain name system: very few who rely on domain name registration data from the Whois database to perform vital functions can do so any longer, which is escalating consumer harm and abuse on the internet worldwide. And the problems, thanks to ICANN's overly restrictive policy post-GDPR and a failing policy process, are piling up. more
Over the past 30 years the Domain Name System has become an integral part of the operation of the Internet. Due to its ubiquity and good performance, many new applications over the years have used the DNS to publish information. But as the DNS and its applications have grown farther from its original use in publishing information about Internet hosts, questions have arisen about what applications are appropriate for publication in the DNS, and how one should design an application to work well with the DNS. more
Perhaps Morgan Freeman never learned about the high profile domain name disputes involving celebrity names (e.g., Madonna, Bruce Springsteen and Julia Roberts), because he didn't register morganfreeman.com before it was snatched up by Mighty LLC in April 2003. After learning about Mighty LLC's (no stranger to domain name disputes) cybersquatting, Freeman filed a complaint before a WIPO arbitration panel under the Uniform Domain Name Dispute Resolution Policy... more
Phishing scams are nothing new in the online security world and show no signs of subsiding. The scam starts when a fraudster sends a communication purporting to originate from a trusted provider and encourages the recipient, often with a conveyed sense of urgency, to click a link. That link leads to a fake site, usually intended to collect confidential login credentials or other personal information. In similar scams, the mail may encourage the recipient to open an attachment loaded with malicious content. more
Late last week, ICANN published the guidance from the Article 29 Working Party (WP29) that we have been waiting for. Predictably, WP29 took a privacy maximalist approach to the question of how Europe's General Data Protection Regulation (GDPR) applies to WHOIS, a tool widely used by cybersecurity professionals, businesses, intellectual property owners, consumer protection agencies and others to facilitate a safer and more secure internet. more
In many respects the internet is going to hell in a hand basket. Spam, phishing, DNS poisoning, DDoS attacks, viruses, worms, and the like make the net a sick place. It is bad enough that bad folks are doing this. But it is worse that just about every user computer on the net offers a nice fertile place for such ill behavior to be secretly planted and operated as a zombie under the control of a distant and unknown zombie farmer. ...Some of us are coming to the converse point of view that the net is being endangered by the masses of ill-protected machines operated by users. more
Developments in modern international relations have shown that traditional diplomacy is not capable of sufficiently addressing complex new issues, for example, the environment, health protection, and trade. Governance of the Information Society and the Internet is probably one of the most complex international issues facing diplomacy today. Issues surrounding the Information Society require a multi-disciplinary approach (the various concerns include technology, economy, impact on society, regulatory and legal issues, governance and more); a multi-stakeholder approach (various actors are involved, including states, international organizations, civil society, private sector, and others) and a multi-level approach (decision-making must take place on different levels: local, national, regional and global). Diplo has developed a research methodology which takes all of these approaches into account. Post includes illustration from Diplo Calendar 2004. more
As the year comes to a close, it is important to reflect on what has been one of the major actions in the anti-spam arena this year: the quest for email authentication. With email often called the "killer app" of the Internet, it is important to reflect on any major changes proposed, or implemented that can affect that basic tool that many of us have become to rely on in our daily lives. And, while many of the debates involved myriads of specialized mailing lists, standards organizations, conferences and even some government agencies, it is important for the free and open source software (FOSS) community as well as the Internet community at large, to analyze and learn lessons from the events surrounding email authentication in 2004. more
Once in a while, one comes across a new take on history that challenges everything you thought you knew. If you're the type who engages in bar bets with geeks, then this one is a certain gem. In 2001, Equifax submitted to the USPTO a sworn application to register a curious trademark, which eventually issued in 2004 with this data... Aside from the fact that Equifax has never actually held registration of the domain name efx.com, the truly outstanding fact here is that Equifax and/or its attorney has actually sworn to the United States Government that it was using "EFX.COM" as a mark for the provision of providing educational seminars via the internet since February 1975... Until now, I had imagined that Jon Postel added .com to the root in 1985. more
On February 4, 2004, United States Congress held a hearing on a new proposed bill called the Fraudulent Online Identity Sanctions Act (FOISA). This bill will increase prison sentences by up to seven years in criminal cases if a domain owner provides "material and misleading false contact information to a domain name registrar, domain name registry, or other domain name registration authority." What follows is a collection of commentaries made in response to this proposed bill. more
It's Apple's Developers Conference time again, and in amongst the various announcements was week, in the "Platforms Status of the Union" presentation was the mention of Apples support of IPv6. Sebastien Marineau, Apple's VP of Core OS told the conference that as far as IPv4 addresses are concerned, exhaustion "is finally here", noting that this already started in 2011 in the Asia Pacific while in North America IPv4 address exhaustion is imminent. Sebastien noted that it's really important to support IPv6 in devices and applications these days... more
In the wake of the unprecedented boom in mobile broadband, pressure is building around the world for governments and regulators to act quickly and decisively to the frantic demand for more spectrum. The telcos are leading the charge, but the broadcasters are lobbying for their case equally vigorously. The broadcasters do not necessarily need all the spectrum they currently have, but they view mobile broadband and telcos as competitors to their monopoly on video entertainment, so they will do everything to keep them out of that market for as long as possible. more
There is much talk currently about the WSIS meeting taking place in Geneva this week which means some needed attention is being paid to Internet governance. While some may view the term "Internet governance" as an oxymoron and my natural reaction is something along the lines of "I hope that they continue to view regulation as too complicated so that we Internet-folks can just keep doing what we are doing" I confess to knowing deep down that we would all be better off with a simple, effective policy framework than with the current anarchic state. more
There's talk that in the battle between the USA and Europe over control of ICANN, which may come to a head at the upcoming World Summit on the Information Society in Tunis, people will seriously consider "splitting the root" of DNS. I've written a fair bit about how DNS works and how the true power over how names get looked up actually resides with hundreds of thousands of individual site administrators. However, there is a natural monopoly in the root. All those site admins really have to all do the same thing, or you get a lot of problems, which takes away most of that power. Still, this is an interesting power struggle. more
I previously provided a brief overview of how Verisign iDefense characterizes threat actors and their motivations through adversarial analysis. Not only do security professionals need to be aware of the kinds of actors they are up against, but they should also be aware of the tactical data fundamentals associated with cyber-attacks most commonly referred to as indicators of compromise (IOCs). Understanding the different types of tactical IOCs can allow for quick detection of a breach... more
Sponsored byIPv4.Global
Sponsored byWhoisXML API
Sponsored byDNIB.com
Sponsored byVerisign
Sponsored byRadix
Sponsored byVerisign
Sponsored byCSC
A World-Renowned Source for Internet Developments. Serving Since 2002.